This document provides API reference material for the components of Django’s
authentication system. For more details on the usage of these components or
how to customize authentication and authorization see the authentication
topic guide.

Boolean. Designates whether this user account should be considered
active. We recommend that you set this flag to False instead of
deleting accounts; that way, if your applications have any foreign keys
to users, the foreign keys won’t break.

This doesn’t necessarily control whether or not the user can log in.
Authentication backends aren’t required to check for the is_active
flag, and the default backends do not. If you want to reject a login
based on is_active being False, it’s up to you to check that in
your own login view or a custom authentication backend. However, the
AuthenticationForm used by the
login() view (which is the default)
does perform this check, as do the permission-checking methods such
as has_perm() and the
authentication in the Django admin. All of those functions/methods will
return False for inactive users.

Always returns True (as opposed to
AnonymousUser.is_authenticated() which always returns False).
This is a way to tell if the user has been authenticated. This does not
imply any permissions, and doesn’t check if the user is active or has
a valid session. Even though normally you will call this method on
request.user to find out whether it has been populated by the
AuthenticationMiddleware
(representing the currently logged-in user), you should know this method
returns True for any User
instance.

Returns True if the user has the specified permission, where perm
is in the format "<applabel>.<permissioncodename>". (see
documentation on permissions). If the user is
inactive, this method will always return False.

If obj is passed in, this method won’t check for a permission for
the model, but for this specific object.

A dictionary of keyword arguments containing the user credentials that were
passed to authenticate() or your own custom
authentication backend. Credentials matching a set of ‘sensitive’ patterns,
(including password) will not be sent in the clear as part of the signal.

This is the default authentication backend used by Django. It
authenticates using credentials consisting of a user identifier and
password. For Django’s default user model, the user identifier is the
username, for custom user models it is the field specified by
USERNAME_FIELD (see Customizing Users and authentication).

Configures a newly created user. This method is called immediately after a
new user is created, and can be used to perform custom setup actions, such
as setting the user’s groups based on attributes in an LDAP directory.
Returns the user object.